XBRL Audit Issues

Download Report

Transcript XBRL Audit Issues 

XBRL Audit Issues
eXtensible Audits
Presenter John Ryan
Available at
http://www.ryannetworks.com
Topic Outline
 XBRL Overview
 Easing
Financial Reporting
 Red Flags for Accountants and
Investors
 Auditor’s New Roles
 Sarbanes-Oxley 404 issues
XBRL Overview
 History
 Goals
 Outlook
 Looking
Deeper
 Examples
History
 Started
as AICPA project
 Adopted by w3c
 Creation of XBRL.org
 Accepted by Microsoft, SEC
Goals
 Common
Language
 To reduce filing burdens
 Napster for accountants
 Lower the cost of finance depts.
The XBRL GL was created to
meet these goals:

Multi-GAAP, drill-up to multi-XBRL reporting
taxonomies.
 Standard format for 3rd-party software to
create journal entries to pull into client GL
system.
 Standard format to move unposted and
posted GL information back and forth from
branch offices to consolidating systems,
budgeting and forecasting tools, reporting
tools.
Goals Cont.

Standard format to upload general ledger
information as well as payables and
receivables master files and open balances in
migrating from one system to another or
moving information to or from an Internet
Application Service Provider (ASP).
 Standard format to move information from
client systems to CPA/CA.
 Standard format to move information from
one CPA/CA system (e.g., write-up) to
another (e.g., tax) in an international context.
Goals Cont…





Standard format to represent open receivables, open
payables, inventory balances, and other asset-based
measures for sharing with banks.
Tool for representing detail drill-down for performance
measurement reporting items.
Extensible for any type of mandatory audit trail.
Extensible for meeting any "sub-ledger" need.
Designed as XBRL spec-compliant but for easy
translation to other uses; cannot assume that XBRL
period, entity, unit and other context (numeric,
nonnumeric) will automatically be there.
Outlook
 Adoption
by Microsoft, and the SEC
(Edgar Online)
 Adoption by 100% of major accounting
packages, Oracle, Peoplesoft, SAS…
 Still Immature (SEC XBRL filings are
hidden inside .gif files to avoid rejection)
 Thousands of Dollars problem
Instance Document Creation

Blast Radius (XMetal)
 CaseWare International
 Creative Solutions
 Fujitsu
 Hitachi Systems and Services
 Microsoft Business Solutions
 Semansys Technologies
 Ubmatrix
Taxonomy Creation
 Fujitsu
 Hitachi
Systems and Services
 Semansys
 Ubmatrix
XBRL Validation
 DecisionSoft
 J2R
 Fujitsu
 Semansys
 UBmatrix
Technologies
Easing Financial Reporting
 Agreement
on Terms
 Create One Data Set
 Distribute
multiple forms
Agreeing On Terms – Context
Word
Context
Meaning
Mercury
Astronomy Planet
Mercury
Greek
God
Mercury
Chemistry
Element
Mercury
Music
Company
Mercury
Auto
Car
Mercury
Aerospace Rocket
XBRL is XML – The Absolute
Beginners Guide to XML
<!-- The original html recipe -->
<HTML>
<HEAD>
<TITLE>Lime Jello Marshmallow Cottage Cheese Surprise</TITLE>
</HEAD>
<BODY>
<H3>Lime Jello Marshmallow Cottage Cheese Surprise</H3>
My grandma's favorite (may she rest in peace).
<H4>Ingredients</H4>
<TABLE BORDER="1">
<TR BGCOLOR="#308030"><TH>Qty</TH><TH>Units</TH><TH>Item</TH></TR>
<TR><TD>1</TD><TD>box</TD><TD>lime gelatin</TD></TR>
<TR><TD>500</TD><TD>g</TD><TD>multicolored tiny marshmallows</TD></TR>
<TR><TD>500</TD><TD>ml</TD><TD>cottage cheese</TD></TR>
<TR><TD></TD><TD>dash</TD><TD>Tabasco sauce (optional)</TD></TR>
</TABLE>
<P>
<H4>Instructions</H4>
<OL>
<LI>Prepare lime gelatin according to package instructions...</LI>
<!-- and so on -->
</BODY>
</HTML>
Now in XML
<?xml version="1.0"?>
<Recipe>
<Name>Lime Jello Marshmallow Cottage
Cheese Surprise</Name>
<Description>
My grandma's favorite (may she rest in
peace).
<Ingredient>
<Qty unit="ml">500</Qty>
<Item>Cottage cheese</Item>
</Ingredient>
<Ingredient>
<Qty unit="dash"/>
<Item optional="1">Tabasco sauce</Item>
</Description>
</Ingredient>
<Ingredients>
</Ingredients>
<Ingredient>
<Instructions>
<Qty unit="box">1</Qty>
<Item>lime gelatin</Item>
<Step>
Prepare lime gelatin according to package instructions
</Ingredient>
</Step>
<Ingredient>
<!-- And so on... -->
<Qty unit="g">500</Qty>
<Item>multicolored tiny
marshmallows</Item>
</Ingredient>
</Instructions>
</Recipe>
A Markup
<!ELEMENT Ingredients (Ingredient)*>
<!ELEMENT Ingredient (Qty, Item)>
<!-- This is the example DTD
<!ELEMENT Qty (#PCDATA)>
for the example XML -->
<!ELEMENT Recipe (Name, <!ATTLIST Qty unit CDATA
Description?, Ingredients?, #REQUIRED>
Instructions?)>
<!ELEMENT Item (#PCDATA)>
<!ELEMENT Name
(#PCDATA)>
<!ATTLIST Item optional CDATA "0"
<!ELEMENT Description
(#PCDATA)>
"true">
isVegetarian CDATA
<!ELEMENT Instructions (Step)+>
<BODY>
XSL
<?xml version="1.0"?>
<H3>
<xsl:value-of select="Name"/>
</H3>
<xsl:stylesheet
xmlns:xsl="http://www.w3.org/TR/WD-xsl">
<STRONG>
<xsl:template match="/Recipe">
<xsl:value-of
select="Description"/>
<HTML>
<HEAD>
</STRONG>
<TITLE>
<xsl:apply-templates/>
<xsl:value-of select="Name"/>
</BODY>
</TITLE>
</HTML>
</HEAD>
</xsl:template>
XBRL Concept
There are two components
that we can consider: an
XBRL instance and its
associated taxonomy set.
While the XBRL instance
contains the concrete facts
(e.g., the value of the
business concept
"sales_per_share") being
reported, the
taxonomy contains descriptions of the business concepts (e.g., the
description of the business concept "sales_per_ share", what its
syntax is, how it is calculated, etc.) that are being reported.
Example XBRL
<ifrs-gp:AssetsHeldSale
contextRef=“Current_AsOf”
unitRef=“U-Euros” Decimals=“0”>
100000 </ifrs-gp:AssetsHeldSale>
Taxonomies
 Approved
Taxonomies comply with
official guidelines for the taxonomy and
with the XBRL Specification
 Acknowledged Taxonomies meet the
XBRL Specification only
 Private Taxonomies have no
requirements
Link Base – Five Links in Three
Categories
 Label
links (labelLink)
 Reference links (referenceLink)
 Relation links (calculationLink,
definitionLink, presentationLink)
Label And Ref Links
Label and reference links
relate business concepts
to metadata. For instance,
label links can associate
concepts with text strings
that can be used to label
(or otherwise document)
the concept in a report
(e.g., the label "Revenues in most recent quarter" for the item
revenueMRQ defined in the taxonomy). Multiple labels can be
defined for a single business concept in different languages. The
XBRL instance author can decide which labels to use for that
particular instance.
Labels used for Authority
Similarly, reference links can associate references to
authoritative literature in the business domain. The
mechanism used is similar to the label links in that you define
a reference link with a locator for the business concept, one
or more references to documentation, and a referenceArc
defining the association between the locator and the
reference(s).
Links For Calculations
In contrast to label and reference links that relate business
concepts to metadata, relation links relate business concepts
to other business concepts. For example, calculation links
define how a given concept figures in the calculation of
another business concept. For example, the concept
"profitAfterTax" is calculated from the concepts
"profitBeforeTax" and "taxPaid" by subtracting one from the
other.
profitAfterTax = weight(1) * profitBeforeTax + weight(1)*taxPaid
More About Links
The relationship between these
three business concepts is
captured in the calculationLink in
Figure 3.
Definition links describe several
types of relationships among
business concepts, such as
generalization-specialization
relationships (e.g., "postalCode" is a generalization of "zipCode")
among others. Presentation links, as the name implies, define the
relationships between concepts from a presentation perspective (e.g.,
in the presentation of the report, a parent/child relationship should be
shown between "sales" and "printerSales").
Sample XBRL Application
Index of Taxonomies
Jurisdiction
Taxonomy
Spec
Level
Status
Australia
GAAP Commercial and Industrial
2.0
-
-
Canada
GAAP Primary Financial Statements
2.0
Ack
Draft
Germany
AP Commercial and Industrial
2.0
Ack
Draft
IASB
IFRS General Purpose
2.1
Ack
Draft
Korea
GAAP Primary Financial Statements
2.0
Ack
Draft
New Zealand
GAAP Commercial and Industrial
2.1
Ack
Draft
UK
GAAP Commercial and Industrial
2.1
Ack
Draft
Inland Revenue – Corporation Tax
2.1
-
-
US FR Taxonomy Framework
2.1
Ack
Draft
GAAP Commercial and Industrial
2.0
Ack
Draft
GAAP – Banking and Savings
Institutions
2.0
US
Red Flags
 Easy
shifting of data between
accounting models
 Quick and Dirty Ratio Testing
 Non-Audit Fees and Bond Rating
Effects of Financial Leverage
on ROE
 Assume
cost of debt is 8% and total
assets = $100
 EBIT = earnings before interest and
taxes
 EBT = earnings before taxesROE =
return on equity
 Tax Rate = 50%. Assume losses result
in tax credit
Panel A 0% Leverage
Rates of return on
assets
0%
4%
8%
12%
16%
$0.00
$4.00
$8.00
$12.00
$16.00
0
0
0
0
0
EBT
Taxes
$0.00
0
$4.00
2
$8.00
4
$12.00
6
$16.00
8
Earnings avail com eq
$0.00
$2.00
$4.00
$6.00
$8.00
0.00%
2.00%
4.00%
6.00%
8.00%
EBIT
Interest Expense
ROE
Panel B 25% Leverage
ROA
0%
4%
8%
12%
16%
EBIT
$0.00
$4.00
$8.00
$12.00
$16.00
-2
-2
-2
-2
-2
EBT
Taxes
Earnings avail com
eq
($2.00)
-1
$2.00
1
$6.00
3
$10.00
5
$14.00
7
($1.00)
$1.00
$3.00
$5.00
$7.00
ROE
-1.30%
1.30%
4.00%
6.70%
9.30%
Interest Expense
Panel C 50% Leverage
ROA
0%
4%
8%
12%
16%
EBIT
$0.00
$4.00
$8.00
$12.00
$16.00
-4
-4
4
4
4
($4.00)
$0.00
$12.00
$16.00
$20.00
-2
0
6
8
10
Earnings avail com eq
($2.00)
$0.00
$6.00
$8.00
$10.00
ROE
-2.00%
0.00%
4.00%
8.00%
12.00%
Interest Expense
EBT
Taxes
Panel D 75% Leverage
ROA
0%
4%
8%
12%
16%
EBIT
$0.00
$4.00
$8.00
$12.00
$16.00
-6
-6
-6
-6
-6
($6.00)
($2.00)
$2.00
$6.00
$10.00
-3
-1
1
3
5
($3.00)
($1.00)
$1.00
$3.00
$5.00
-12.00%
-4.00%
4.00%
12.00%
20.00%
Interest Expense
EBT
Taxes
Earnings avail com eq
ROE
Risk
Capital Markets
Security Markets
Expected Returns
Expected Returns
E(Risk)
Ris(free)
E(Risk)
Ris(free)
Sigma
Beta
Horrigan Bond Rating Model
Z=(1.197 x X0) + (.034 x X1) + (.272 x X2) –
(.501 x X3) + (4.519 x X4) – (.203 x X5)
 X0 1 or (0) if the bond is un-subordinated
(subordinated)
 X1 = Total Assets
 X2 = Common equities / total debt
 X3 = Working capital /sales
 X4 = Operating profit / sales
 X5 = Sales / stockholders’ equity

Ratings
 AAA
 AA
A
 BBB
 BB
B
or Lower
2.855 < Z
2.094 < Z < 2.855
1.062 < Z < 2.094
0.838 < Z < 1.062
0.360 < Z < 0.838
Z < 0.360
Non-Audit Fees and Bond Rating –
AaronCrabtreePresentation at www.bus.lsu.edu
Recent accounting scandals and perceived audit failures have
resulted in excessive criticism of the accounting and auditing
professions. […] Our research investigates one aspect of this
situation by exploring the effects that non-audit services performed
by a firm s external auditors have on perceived auditor
independence in the bond market. Specifically, we analyze the
effects that the magnitude and relative degree of non-audit services
have on the bond rating process. Regression results indicate that the
amount of non-audit services provided by a firm s external auditors is
negatively associated with that client s bond rating. […] provide
empirical evidence regarding the role that audit and non-audit
service fees play in establishing a firm s bond rating.
Trouncing the DOW Pension
Fund (by Kenneth Lee)
 Uses
Ratios do determine Buy and Sell
Points
 Good Track Record based on ROE vs
price movements (28% avg annual
return from 1973-1996.)
 In 2001 Buys Coca-Cola because ROE
is up 50% but price is not
Coke Misbehaves
Stephen Taub, CFO.com - January 16, 2004
The Coca-Cola Co. announced that the Securities and Exchange
Commission has launched a formal investigation of the soft-drink
giant.
The probe stems from allegations made by former finance
manager and whistle-blower Matthew Whitley, who sought a $44.4
million settlement from the company on the grounds that he had
been fired in retaliation for raising concerns about accounting
fraud….
Coke Admits Misbehavior
Atlanta Journal 6/18/03
Coca-Cola admitted Tuesday that a high-level employee faked
[…] a written apology from Coke's president and chief operating
officer.
The extraordinary exchange highlighted a day in which Coke
admitted to some -- but not all -- of the allegations raised by a
former employee, Matthew Whitley. […] wasn't told about the
deception when Coke discovered it in 2001. Fisher was fined, but
he kept his job and even was promoted. He no longer works for
Coke.
The Cause ?
Coke's largest shareholder, Warren Buffett, has argued that the
existence of stock options has induced many executives to doctor
financial reports in order to inflate the price of company shares.
Enron executives, for example, received tens of millions of dollars
by cashing in stock options while their company's financial
statements showed false information.
"I think accounting generally, in recent years, has deteriorated and
it's done so with the help of management," said Mr. Buffett, who is
a member of the boards of directors of Coca-Cola and The
Washington Post.
My Investment went Ouch! –
The Cure
 Sarbanes-Oxley
 Continuous,
timely auditing
 Transparency
 Separation of Auditors & Consultants
 XBRL
 Could XBRL help predict this?
MINI – Minority Interest Net
Income
Exibit 1 Financial Statement of CocaCoal (CCE - in Millions of Dollars
Panel A: Income Statement for the Year ending December 31 2001
Net Operating Revenues
Cost of Goods Sold
Gros Profit
SG&A Expenses
Operating Income
Interest Income
Interest Expense
Investment Income
Other Income
Minority Interest Net Icome
Income Before Taxes
Income Taxes
Net Income before Accounting Change
Cummulative Effect of Accounting Change
Net Income
Bottlers
Conslidated
Coke (Parent) (Subsidiary)
Entity
20,092.00
15,700.00
30,663.00
(6,044.00)
(9,740.00) (11,078.00)
14,048.00
5,960.00
19,585.00
(8,696.00)
(5,359.00) (13,632.00)
5,352.00
601.00
5,953.00
325.00
0.00
325.00
(289.00)
(753.00)
(1,042.00)
152.00
0.00
275.00
130.00
2.00
132.00
0.00
0.00
198.00
5,670.00
(150.00)
5,841.00
(1,691.00)
131.00
(1,560.00)
3,979.00
(19.00)
4,281.00
(10.00)
(302.00)
(312.00)
3,969.00
(321.00)
3,969.00
MINI is computed as the
shareholders interest in
the subsidiary’s income.
All other Items are simply
added. Note that the
Parent Income and the
consolidated income are
equal. Note that while
Coke (parent) is bigger
CCE’s interest expense is
greater. Suggesting Coke
is parking liabilities.
Consolidated Ratios
Financial Ratios of CocaCola Equity Method vs Consolidation
Financial Ratios
Equit
y
2001
Consolidate
d
2000
Equity
Consolidated
Current Ration
0.85
0.77
0.71
0.74
Debt to Equity
0.97
2.39
1.24
2.80
Debt to Tangible Equity
1.26
(8.21)
1.56
(7.29)
Debt to Assets
0.49
0.70
0.55
0.74
Debt to Tangible Assets
0.56
1.14
0.61
1.16
Gross Profit
0.70
0.64
0.69
0.63
Return On Sales
0.20
0.13
0.11
0.07
Return On Assets
0.18
0.09
0.10
0.05
Return on Tangb Assets
0.20
0.14
0.12
0.08
Return on Equity
0.35
0.30
0.23
0.20
Return on Tangb Equity
0.45
(1.04)
0.29
(0.52)
Times Interest Earned
20.62
6.61
8.60
3.82
5.73
6.45
5.82
6.55
10.90
9.06
11.32
9.73
LTD to Equity
0.11
0.88
0.09
1.02
LTD to Assets
0.05
0.26
0.04
0.27
Inventory Turnover
Receivables Turnover
Financial ratios show the
discrepancy between the
equity method and the
consolidated method.
All ratios are negatively
impacted. Financial
leverage is the hardest
hit. Debt to equity
Doubles, while debt to
tangible equity goes
negative. Return metrics
are also negatively
impacted
Other Bad Actors using Equity
Method
 Enron
 Boston
Chicken
 Elan
 WorldCom/Embratel
…
Other Methods of Debt Hiding

Lease Accounting




Lease Trouble at Delta and others
Banks get preferred Airplane lease rates
Recalculate Airline Debt using lease payments
and work backwards
Pension Accounting



Pension troubles at AMR, Delta, Avaya, Goodyear,
GM, Delphi, Navistar, and Ford
Restate the Pension debt at realistic interest rates
Debt matters including Pension Debt
University of Illinois – XBRL
Kirkwood Credit Analyzer
Ratio
Cmpq Dell
HP
IBM
AssetTurnover
1.53
2.75
1.26
1.01
CurrentRatio
1.17
1.48
1.51
1.09
DaysCOGSInventory
24.24
5.96
57.91 32.58
[…]
Earnings Manipulation Probablity: 0.38% 0.36% 0.17% 0.80%
Issues for XBRL
 Taxonomy
 Select
Selection Issues
One or More Taxonomies
 Implementation
 Must
 Poor
Map Data Elements to Labels
Flexibility
 XBRL
 No
Issues
is Flat
Security
Auditor’s New Roles
 XBRL Validation
 Round
Tripping
 Source verification
 Instance verification
 Completeness verification
XBRL Validation

Roundtripping
 Two Validation Levels



Level I – Well Formed – valid XML
Level II – Valid – tests the schema for this (XBRL
document
Still need to test for application conformance
 XSLT generation from multiple Instances
Round Tripping
Roundtripping takes a document from its original form (e.g. XHTML)
then translates it to another form (e.g. XBRL), and returns it to its
original form.
Often this simple test will expose many flaws in an XBRL
implementation and is a quick auditor trick to validate the XBRL
generation process.
Source Verification
 Workflow
 Control
Points
 Security
 Horizontal
 Vertical
 Integrity, Authentication, Authority
Security
"The use of vertical XML standards in financial services is on
the rise. However, for XML standards such as MDDL, XBRL,
RIXML to achieve widespread adoption, robust security for
privacy, non-repudiation, trust and message integrity will be
critical," said Mary Knox, principle analyst, Financial Services at
Gartner. "Horizontal Web services standards like WS-Security,
XML Encryption, XML Digital Signatures and SAML are all key
enablers to the increased use of XML in financial services."
Supplementing with XML
Security
XML Security Suite is a tool that provides security features such
as digital signature, encryption, and access control for XML
documents. These features are beyond the capability of
transport-level security protocols such as Secure Sockets Layer
(SSL). The goals in creating this technology were to contribute to
standards development by providing sample implementations
and to supply advanced technologies to partners and developers
and to gather their input.
How it Works/Where to Get –
Commercial Software

Digital signature implementation based on
"XML-Signature Syntax and Processing" by
W3C/IETF
 XML encryption implementation based on
"XML Encryption Syntax and Processing" by
W3C
 XML Access Control Language and
implementation
 http://alphaworks.ibm.com/nav/security?open
&c=security+-+Utilities
Keel Public Domain

Model: Service for interacting with application
or business logic.
 Persistence: Service for managing storing
and retrieving object states and data.
 Security: Service for managing security of
application, including authentication and
authorization.
 Scheduling: Service for scheduling the
execution of the application's various
functionalities.
 Crypto: Service for encryption of transmitted
application data.
Instance Verification
 Just
because it is valid XBRL does not
mean
 The
calculations follow GAAP
 That the data is valid
 That you have access to the data
 That the Instance can be parsed by your
parser
Completeness Verification
 Just
because it is XBRL does not mean
that all required fields are reported to
the correct agency
 That all financial data made it into the
Instance
Consistency
 Just
because it is XBRL doesn’t mean
that
 Labels
aren’t overwritten in new an
incorrect ways
 That the data was transmitted correctly
 That a filter along the way did not remove
key data
Sarbanes-Oxley Requirement
Most public companies registered with the Securities and
Exchange Commission (SEC) will soon be subject to internal
controls reporting similar to the requirement imposed on the
large U.S. banks and other insured depository institutions
more than 10 years ago. Under Section 404 of the
Sarbanes-Oxley Act, most SEC registrants (other than
registered investment companies) must report annually on
the effectiveness of their internal controls, and their
independent auditors must attest to management?s
conclusions
SOX section 404
Sarbanes-Oxley 404 issues

More and Faster Reporting
 More Internal Controls, More blackout
periods, more separation of duties etc.
 IT departments responsible for security
 Unprepared IT departments
 Standard controls not defined for workflow
model
 Workflow’s are not organizationally
understood
Example 404 Checklists
Checklist Cont.
Checklist Cont.
Checklist Cont.
Using Keel to Develop
Controls
 Web
Based Control Checklist
 App to implement, Test and Report
 WorkFlow
Design
 Field level Encryption
 Signed wrappers
Keel Environment
Keel is ready made server side
infrastructure. Keel incorporates
multiple open source projects to
provide you with a best of breed
framework that works right out of
the box.
* Security layer
* Database abstraction layer
* Messaging layer
* Business logic layer
* User Interface layer
* Struts
* Cocoon
* Velocity
* Eclipse
Eclipse & Java
XBRL Audit Issues Summary

XBRL is XML with all that entails
 XBRL can save your investments
 XBRL is a powerful tool to allow auditors to
quickly perform audits
 A lot of work needs to be done before these
systems are mature
 Sarbanes-Oxley will further burden Auditors
with its IT knowledge requirements